nach oben

Journal of Cryptographic Engineering

Erschienen in:

04.08.2021 | Regular Paper

Rank estimation with bounded error via exponential sampling

verfasst von: Liron David, Avishai Wool

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 2/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Efficient rank estimation algorithms are of prime interest in security evaluation against side channel attacks (SCA) and recently also for password strength estimators. In a side channel setting it allows estimating the remaining security after an attack has been performed, quantified as the time complexity and the memory consumption required to brute force the key given the leakages as probability distributions over d subkeys (usually key bytes). In password strength estimators the rank estimation allows estimating how many attempts a password cracker would need until it finds a given password. We propose ESrank, the first rank estimation algorithm with a bounded error ratio: its error ratio is bounded by \(\gamma ^{2d-2}\), for any probability distribution, where d is the number of subkey dimensions and \(\gamma >1\) can be chosen according to the desired accuracy. ESrank is also the first rank estimation algorithm that enjoys provable poly-logarithmic time and space complexity. Our main idea is to use exponential sampling to drastically reduce the algorithm’s complexity. We evaluated the performance of ESrank on real SCA and password strength corpora. We show ESrank gives excellent rank estimation with roughly a 1-bit margin between lower and upper bounds in less than 1 second on the SCA corpus and 4 seconds preprocessing time and 7\(\mu \)sec lookup time on the password strength corpus.

Vorheriger Artikel In-depth energy analysis of security algorithms and protocols for the Internet of Things

Nächster Artikel Improved fault analysis on SIMECK ciphers

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

FIPS PUB 197, advanced encryption standard (AES).: U.S. Department of Commerce/National Institute of Standards and Technology (NIST) (2001)

Agrawal, D., Archambeault, B., Rao, J., Rohatgi, P.: The EM side-channel(s). Cryptogr. Hardw. Embedded Syst.-CHES 2003, 29–45 (2002)MATH

Bentley, J.L., Yao, A.C.-C.: An almost optimal algorithm for unbounded searching. Inf. Process. Lett. 5(3), 82–87 (1976)MathSciNetCrossRef

Bernstein, D.J., Lange, T., van Vredendaal, C.: Tighter, faster, simpler side-channel security evaluations beyond computing power. IACR Cryptolo. ePrint Arch. 2015, 221 (2015)

Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Selected Areas in Cryptography (SAC) (2015)

Choudary, M.O., Popescu, P.: Back to massey: impressively fast, scalable and tight security evaluation tools. In: International Conference on Cryptographic Hardware and Embedded Systems, Springer, pp. 367–386 (2017)

David, L., Wool, A.: A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks. In: Proc. RSA Conference Cryptographers’ Track (CT-RSA’17), LNCS 10159 (San Francisco), Springer Verlag, pp. 311–327 (2017)

David, L., Wool, A.: ESrank Matlab implementation (2019). https://github.com/lirondavid/ESrank

David, L., Wool, A.: Online password guessability via multi-dimensional rank estimation. arXiv:1912.02551

10.

David, L., Wool, A.: An explainable online password strength estimator. In: Proceedings of 26th European Symposium on Research in Computer Security (ESORICS) (Darmstadt, Germany). October 2021

11.

Dell’Amico, M., Filippone, M.: Monte carlo strength evaluation: fast and reliable password checking. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, ACM, pp. 158–169 (2015)

12.

Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp. 401–429 (2015)

13.

Fledel, D., Wool, A.: Sliding-window correlation attacks against encryption devices with an unstable clock. In: Proceedings of 25th Conference on Selected Areas in Cryptography (SAC) (Calgary, Aug. 2018)

14.

Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Cryptographic Hardware and Embedded Systems—CHES 2001, Springer, pp. 251–261 (2001)

15.

Glowacz, C., Grosso, V., Poussier, R., Schueth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. Fast Softw. Encryp. 117–129,(2015)

16.

Grosso, V.: Scalable key rank estimation (and key enumeration) algorithm for large keys. In: International Conference on Smart Card Research and Advanced Applications, Springer, pp. 80–94 (2018)

17.

Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology—CRYPTO’99, Springer, pp. 388–397 (1999)

18.

Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO’96, pp. 104–113 (1996)

19.

Li, Y., Meng, X., Wang, S., Wang, J.: Weighted key enumeration for em-based side-channel attacks. In: 2018 IEEE International Symposium on Electromagnetic Compatibility and 2018 IEEE Asia-Pacific Symposium on Electromagnetic Compatibility (EMC/APEMC) IEEE, pp. 749–752 (2018)

20.

Li, Y., Wang, S., Wang, Z., Wang, J.: A strict key enumeration algorithm for dependent score lists of side-channel attacks. In: International Conference on Smart Card Research and Advanced Applications, Springer, pp. 51–69 (2017)

21.

Longo, J., Martin, D.P., Mather, L., Oswald, E., Sach, B., Stam, M.: How low can you go? using side-channel data to enhance brute-force key recovery. IACR Cryptol. ePrint Arch. 2016, 609 (2016)

22.

Martin, D.P., Mather, L., Oswald, E.: Two sides of the same coin: counting and enumerating keys post side-channel attacks revisited. In: Cryptographers’ Track at the RSA Conference, Springer, pp. 394–412 (2018)

23.

Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: International Conference on the Theory and Application of Cryptology and Information Security, Springer, pp. 548–572 (2016)

24.

Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Advances in Cryptology–ASIACRYPT 2015. Springer, pp. 313–337 (2015)

25.

Pan, J., Van Woudenberg, J.G., Den Hartog, J.I., Witteman, M.F.: Improving dpa by peak distribution analysis. In: International Workshop on Selected Areas in Cryptography Springer, pp. 241–261 (2010)

26.

Poussier, R.: Key Enumeration, Rank Estimation and Horizontal Side-Channel Attacks. PhD thesis, ICTEAM Institute, (2017)

27.

Poussier, R., Grosso, V., Standaert, F.-X.: Comparing approaches to rank estimation for side-channel security evaluations. In: International Conference on Smart Card Research and Advanced Applications (CARDIS), Springer, pp. 125–142 (2015)

28.

Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Proceedings of 18th Cryptographic Hardware and Embedded Systems–CHES 2016. Springer, pp. 61–81 (2016)

29.

Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Smart Card Programming and Security. Springer, pp. 200–210 (2001)

30.

Shepherd, D.: Quantum key search with side channel advice. In: Selected Areas in Cryptography–SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16–18, 2017, Revised Selected Papers, vol. 10719, Springer, p. 407 (2018)

31.

Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: International Conference on Selected Areas in Cryptography, Springer, pp. 390–406 (2012)

32.

Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Advances in Cryptology—EUROCRYPT 2013. Springer, pp. 126–141 (2013)

33.

Wang, S., Li, Y., Wang, J.: A new key rank estimation method to investigate dependent key lists of side channel attacks. In: 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), IEEE, pp. 19–24 (2017)

34.

Ye, X., Eisenbarth, T., Martin, W.: Bounded, yet sufficient? how to determine whether limited side channel information enables key recovery. In: Smart Card Research and Advanced Applications (CARDIS). pp. 215–232 (2014)

Titel: Rank estimation with bounded error via exponential sampling
verfasst von: Liron David
Avishai Wool
Publikationsdatum: 04.08.2021
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 2/2022
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-021-00269-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2022

In-depth energy analysis of security algorithms and protocols for the Internet of Things

Improved fault analysis on SIMECK ciphers

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

A comprehensive tolerant algebraic side-channel attack over modern ciphers using constraint programming

Modelling cryptographic distinguishers using machine learning

Premium Partner